
Trachman writes: Popular Science magazine recently published an article about a network of cell towers owned not by telecommunication companies but by unknown third parties. Many of them are built around U.S. military bases. "Interceptors vary widely in expense and sophistication – but in a nutshell, they are radio-equipped computers with software that can use arcane cellular network protocols and defeat the onboard encryption. ... Some interceptors are limited, only able to passively listen to either outgoing or incoming calls. But full-featured devices like the VME Dominator, available only to government agencies, can not only capture calls and texts, but even actively control the phone, sending out spoof texts, for example."

If these towers are not registered with the FCC, then what would happen if one possibly fell over?

Nothing. Like a tree falling in a forest with nobody around to hear it. Besides being facetious that the FCC no longer does enforcement, it would probably get attention from OSHA or the local planning dept that issues permits.

I never did that but a long time ago (80s) I did listen to some fascinating conversations broadcast in the clear around 1.7 MHz - just past the AM band - off of a cordless phone somewhere near my neighborhood. I had an old Hallicrafters shortwave radio that weighed nearly as much as I did (even more with the big external speaker). I don't remember the details of the conversations, only that it was mostly stupid stuff as would be expected.

I was told it was illegal. Whether that was just FCC strong-arming or not, I don't know. I was a teenager when I did that and I figured correctly that there was no harm or consequence to be had. Most of the TV sets, even in the 1980s could not do it.

I think because most TV sets, to save components and make alignment easier, used a so-called intercarrier circuit, where if no video signal carrier was present, no audio signal could be demodulated. Newer TV sets also had a mute circuit that engaged when a poor TV signal was present.

I'd give the US military more credit than that. They wouldn't place their own interceptors directly on their bases, but nearby. Else, how would you have plausible deniability?

It is likely that the military doesn't need deniability. Many FCC rules don't apply to the military. It is quite likely that they can legally operate their own cell towers. Similar exceptions are made for prisons, which can operate their own cell towers [latimes.com] to keep inmates from making calls from smuggled cell phones.

It is likely that the military doesn't need deniability. Many FCC rules don't apply to the military.

The military, like other federal agencies, is "licensed" and freq coordinated by the NTIA, and their databases are not publicly available like FCC general menu reports. http://fjallfoss.fcc.gov/Gener... [fcc.gov]

Try harder. Governmental bodies also need licenses, and that article doesn't in any way claim otherwise. In fact, it refers to jammers being illegal. What's happening is that the prison contractor is working with the local cell companies, who have the licenses.

Well, they are FCC regulated within the US, but you're basically talking about the government regulating itself. Mostly the FCC's concern is going to be interference - not even the Air Force wants to spend a billion dollars on some fancy radar system only to find out that the Navy spent a billion dollars building a fancy communications system that uses the same frequencies/etc. Obviously spread spectrum mitigates many of these issues, but not entirely so.

This is a good article, as before I had no idea such sophisticated rogue towers were such a threat all over the US.

It is common. Where I live, in San Jose, California, our police department was caught illegally monitoring phone calls by operating a Stingray [wikipedia.org], which mimics a cell phone tower. Of course no one was punished or disciplined, and certainly no one lost their badge, because, hey, they are cops, and boys will be boys.

If they indeed are Chinese (or otherwise foreign) spy towers, and so easily detected (the authors of the article didn't seem to have a hard time finding such towers), there's something terribly, terribly wrong with your homeland security.

They are US towers designed to track people who visit military sites. If some potential terrorist visits a few different military sites to do reconnaissance with their phone they can be flagged up in a database somewhere. As a bonus whoever owns those towers gets to monitor all the calls, texts and data going through them. They probably like to keep an eye on military personnel too, in case any of them are traitors.

If they indeed are Chinese (or otherwise foreign) spy towers, and so easily detected (the authors of the article didn't seem to have a hard time finding such towers), there's something terribly, terribly wrong with your homeland security.

Too many stupid people have access to technology. Too many people think that because a tower has a conical cross section that it is a cell phone tower.

But hey, just because they looked up in the sky and saw a condensation trail, or a rainbow, or a tower, doesn't mean that contrails or rainbows or towers around military bases haven't existed for a long long long time.

(the authors of the article, who make about $3500 a pop selling reflashed phones to paranoid rich guys who do business in Asia, didn't seem to have a hard time finding such towers and making the hasty connection to China),

FTFY. And yes, these are US DoD towers used to prevent leaks of classified info and do other counterespionage monitoring.

If they indeed are Chinese (or otherwise foreign) spy towers, and so easily detected (the authors of the article didn't seem to have a hard time finding such towers), there's something terribly, terribly wrong with your homeland security.

The problem is that when any little police department is allowed to deploy this sort of thing and it ends up being ubiquitous, how do you even detect when somebody is using one to spy on you?

I mean, if the Chinese (or whoever your favorite boogeyman is) drove a tank up I-95 towards Washington DC, you can bet that somebody would notice and put a stop to it before it could do anything serious. On the other hand, if every police department routinely patrolled the highways with tanks just in case they ran into

What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases.

The summary says...

Many of them are built around U.S. military bases.

Way to slant the summary to make it look like Chinese towers rather than our towers.

I do not think those statements mean different things. They could, but from what I know of cell towers all they could really know is that the tower is near the base, not if it was right on it or not. It's not like they were triangulating the signal or anything.

What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases.

The summary says...

Many of them are built around U.S. military bases.

Way to slant the summary to make it look like Chinese towers rather than our towers.

Considering that data exfiltration via 4G networks can be fast and run from nearly anywhere, it's not surprising at all that military installations (probably ones with secrets to keep) use these towers as a way to know exactly what's going in/out of their territory. It sure beats something as on-the-nose as simply using RF interference to block all calls/texts/data. They can catch would-be espionage spies in the act and probably even ID who sent them.

It seems like someone could create an app that detects these towers for any Android phone. There are public databases of known towers, or ones could easily be created. Then the phone simply downloads the database and periodically checks if the tower it is connected to is in there. If it isn't you know it is either very new or a fake one.

The fact that these towers are found next to military bases speaks volumes.

The military needs to have their own version of everything to make sure things work in times of national crisis, emergency, or security. They need to have their own infrastructure to ensure communications. They need to control their communications around bases and know who is saying or doing what. They need to be able to anticipate attacks. Nobody should have any expectation of privacy on or next to a military base.

Uh, yeah, but the military can damn well make sure their hardware only interfaces with other military hardware, not your cell phone, and not prioritize your civilian traffic over their 'emergency, auxiliary, or military channels'.

Nobody should have any expectation of privacy on or next to a military base.

The civilians living next to the military base expect the military to defend their freedom to expect privacy. Otherwise the military is not doing the job that the civilians are paying for. That is how civilized society functions, the military answers to civilian authority.

You are welcome to relocate to a military dictatorship if you want. There are plenty to choose from. Do not bother coming back.

The fact that these towers are found next to military bases speaks volumes.

The military needs to have their own version of everything to make sure things work in times of national crisis, emergency, or security. They need to have their own infrastructure to ensure communications. They need to control their communications around bases and know who is saying or doing what. They need to be able to anticipate attacks. Nobody should have any expectation of privacy on or next to a military base.

Quite frankly, I'm glad to see this.

Last time I checked, my constitutional rights didn't get suspended inside a casino in Las Vegas... did you miss that part? Many were on bases, but not all or even most. If the military wants to control their own communications they are welcome to start their own cellular network, they could even use these towers and then have their staff roam to other networks when they weren't near a base.

The only reason they are doing this is to intercept the calls of US citizens, which is both illegal and unconstitutional. Your imaginary safety is not worth my constitutional rights. This sort of surveillance is exactly what the constitution was created to protect us from. It's not some weird esoteric thing the founders could never have anticipated like machine guns or abortions. This is the government listening in to the private correspondence of citizens for the sole purpose of security. That's expressly and unarguably forbidden legally, constitutionally and every other way you can think of.

Maybe there are different things going on, like maybe the military bases have their own separately-powered communications that are sort of legitimate, and the interception near the casino is more on the shady side (with a supposedly good reason like "make sure nobody is using cellphones or video to cheat the casino").

I think you're overreacting to the threat from the government. I'm not worried about military surveillance around military bases, because I don't have to go driving near military bases (and

Whether you have to drive around a military base depends upon where you are. Here there are several large military installations in and around a densely populated metro area. One of the main roads goes by not one but two of them. There simply isn’t a realistic way to avoid them here. I’d have to drive 50 miles or more out of my way every day to avoid them. Even then half the metro area would be off limits to me. So whatever they are doing I am pretty much going to have to accept it because I a

There is no U.S. constitutional right to privacy. This is particularly true where your communications are broadcast in the clear for the world to receive. (You do know that's what your cell phone does, right?)

In the U.S. your right to privacy, to the extent you have one, is granted by statute. Your constitutional right to be secure in your person keeps the government from reaching into your pocket, not from listening to your public ramblings.

The government can only do what the constitution says it can. The constitution is not a list of rights that citizens have, but a list of powers that the government has. Therefore, there is a constitutional right to privacy unless explicitly stated otherwise.

This is particularly true where your communications are broadcast in the clear for the world to receive.

Oh, fuck off. I damn well expect the government to not listen to my communications. And saying, "Well, it would be pretty easy to listen to your conversation!" doesn't mean that it's moral to do so. My conversation is between me and the person I'm talking t

The government can only do what the constitution says it can. The constitution is not a list of rights that citizens have, but a list of powers that the government has. Therefore, there is a constitutional right to privacy unless explicitly stated otherwise.

And by the same logic the government can't stop you from driving your car on the public roads or from selling narcotics on the corner.

This is particularly true where your communications are broadcast in the clear for the world to receive.

Oh, fuck off. I damn well expect the government to not listen to my communications. And saying, "Well, it would be pretty easy to listen to your conversation!" doesn't mean that it's moral to do so. My conversation is between me and the person I'm talking to. It's not public just because it's transmitted in the clear, and people like you with such a privacy-hostile mentality are the cause of things such as the TSA, the NSA's mass surveillance, and warrantless wiretapping in general.

I will choose to "fuck off" behind closed doors. You apparently want to fuck off in the street and expect everyone else to turn away or go to jail. If you want to post your conversations in public places, then you can't reasonably expect them to be private, even under the color of your warped sense of morality. (Let me help you to notice the obvious: there is no wire to wiret

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

This is the military opening our mail, literally. That's unconstitutional and illegal. Period.

Yes there is. It is contained in implications of and the relationships between the 4th, 9th and 14th amendments. See Griswold v. Connecticut [cornell.edu] for more details.

No, there isn't. The case law you refer to defines aspects of privacy in the "penumbra" of other rights. Now, I can define any term I want to any way I want to and, if it appears in a Supreme Court case, it instantly becomes "the law" to those who want it to be. The "right to privacy" that Griswold discusses is the right individuals have to control aspects of their lives (such as the use of contraception). Griswold does not grant any right to keep the government from peering in your open windows, following you around town or reading your postcards you put in the mail.

Perhaps the most supportive case you have is Mapp v. Ohio: http://www.law.cornell.edu/sup... [cornell.edu]... and that says that the government can't invade your SECURED residence to collect evidence. If you leave the information or the evidence in the open (as you're doing when you broadcast your cell phone conversations), you aren't protected by that decision. If you walk out to the street and shout a message to the world, there is no "right to privacy" granted by the Constitution you can use to keep anyone from hearing and recording it.

May I suggest to you that the flaw in your lack of "privacy" lies in the technology, and not in the law as it presently stands? Do you want privacy? Then demand it from your communications carrier, or see that you implement any necessary encryption yourself.

If so, why would those towers be only at their bases? If using regular mobile phone frequencies (or frequencies close to those), they won't be able to create a complete network out of them, simply because the reach of those towers is limited to some 50 km, or the nearest mountain or tall building. Get off the base, and lose your communication - doesn't sound like a very useful system in case of emergency or war.

The fact that these towers are found next to military bases speaks volumes.

The military needs to have their own version of everything to make sure things work in times of national crisis, emergency, or security. They need to have their own infrastructure to ensure communications. They need to control their communications around bases and know who is saying or doing what. They need to be able to anticipate attacks. Nobody should have any expectation of privacy on or next to a military base.

Quite frankly, I'm glad to see this.

RTFA and it says the towers were found ON not NEAR the bases.

I also have enough confidence in the military that they have entire books of regulations covering things like radio towers being anywhere near a base.

The military needs to have their own version of everything to make sure things work in times of national crisis, emergency, or security.

The military has their own radios for just that reason. They aren't going to depend on cell phones in a national security crisis. They certainly aren't going to try to harden a consumer cell phone and use it as a substitute for whatever the tanks on the battlefield use to communicate.

This came up in Iraq (I think that was Iraq v2, but maybe it happened in v1). The guys in the field had big clunky milspec GPS receivers, and many found consumer GPS units to be more featured and easier to use. The problem

The article doesn't say they are towers. It says that, to phones, they look like towers. Presumably, to people, they don't look like towers.

Interceptors look to a typical phone like an ordinary tower. Once the phone connects with the interceptor, a variety of “over-the-air” attacks become possible, from eavesdropping on calls and texts to pushing spyware to the device.... Interceptors vary widely in expense and sophistication – but in a nutshell, they are radio-equipped computers with software that can use arcane cellular network protocols and defeat the onboard encryption.

Except that the reason they place cell infrastructure on top of towers is not arbitrary. It is not like they can hide these "cell towers" 50 feet underground. Sure they could paint them blue, but they have to be high, and there are not really too many other ways of building something that is really high.

Small cell hardware can be offered some concealment as signs, trees, big cactus, wider flag poles, bell towers, thin onto brick walls or fake wood sidings, water towers, added rooftop enclosures, fake tinted glass, in a new chimney box, fake dormers, cupola.
It just depends on who is paying and what fits in with the surrounding area.

Cell towers are usually owned or shared by telco firms, brands, providers that try to encrypt their users and are kind of easy to spot with hardware.
The "Phony" cell towers do not respond or act in the same way. They are fake but still fool a user's phone into making a network connection.
Tame consumer grade hardware is fooled into seeing just another cell tower.

From the mouths of ANYONE who isn't an American. STOP FUCKING GEO-REDIRECTING LINKS FOR FOREIGNERS YOU ASSHOLES.

Jesus christ fuck me gently it's the worst god damned thing to do on any web page, I think it might actually be worse than "this content is not available in your region" - because at least it takes us (mostly) to what we wanted.

So, a magazine website would rather you visit their local version, to serve you better targeted ads, or local interest stories, or load leveling, or prices in local currency, or subscription services on the same continent, or maybe even to serve you better with faster access, and this is some American scheme to abuse you? Did it ever occur to you that an Australian company (or a German one, or...) wanting to create content unique to multiple continents might do the same thing? Or do you actually think URL r

So you mean to tell me that the telcos that spend millions, billions on spectrum licensing don't spot rogue basestations mooching on their frequency allocations? Or were all of these in unlicensed spectrum?

So, the iPhone he says unhelpfully didn't tell him there was a rogue tower...was actually aware of the rogue tower, and therefore not compromised? That it would have warned him if he tried to communicate through it, and has therefore already, for years, been doing the same thing his secure phone does? You mean someone who is selling a secure phone is making up a use case for it?

If I recall correctly, this doesn't detect stingray, because stingray looks like any other cell tower.

It seems that stingray is an IMSI-catcher, so unless there's a way for law enforcement to disable the notification (which I said may be the case in my original post) I think it should work. http://en.wikipedia.org/wiki/S... [wikipedia.org]

A few news sites and tech sites have:
"Android security mystery 'fake' cellphone towers found in U.S." (28 AUG 2014) http://www.welivesecurity.com/... [welivesecurity.com]
"Fake, phone-attacking cell-towers are all across America" (Sep 1, 2014) http://boingboing.net/2014/09/... [boingboing.net]
"The fake "interceptor" towers force your phone to back down to an easy-to-break 2G connection, then goes to work"
"..the baseband firewall on the Cryptophone set off alerts showing that the phone's encryption had been turned off, and that the cell tow

Unencrypted Connection Les Goldsmith

Like many of the ultra-secure phones that have come to market in the wake of Edward Snowden's leaks, the CryptoPhone 500, which is marketed in the U.S. by ESD America and built on top of an unassuming Samsung Galaxy SIII body, features high-powered encryption. Les Goldsmith, the CEO of ESD America, says the phone also runs a customized or "hardened" version of Android that removes 468 vulnerabilities that his engineering team found in the stock installation of the OS.

His mobile security team also found that the version of the Android OS that comes standard on the Samsung Galaxy SIII leaks data to parts unknown 80-90 times every hour. That doesn't necessarily mean that the phone has been hacked, Goldsmith says, but the user can't know whether the data is beaming out from a particular app, the OS, or an illicit piece of spyware. His clients want real security and control over their device, and have the money to pay for it.

To show what the CryptoPhone can do that less expensive competitors cannot, he points me to a map that he and his customers have created, indicating 17 different phony cell towers known as “interceptors,” detected by the CryptoPhone 500 around the United States during the month of July alone. Interceptors look to a typical phone like an ordinary tower. Once the phone connects with the interceptor, a variety of “over-the-air” attacks become possible, from eavesdropping on calls and texts to pushing spyware to the device.

“Interceptor use in the U.S. is much higher than people had anticipated,” Goldsmith says. “One of our customers took a road trip from Florida to North Carolina and he found 8 different interceptors on that trip. We even found one at South Point Casino in Las Vegas.”

Who is running these interceptors and what are they doing with the calls? Goldsmith says we can’t be sure, but he has his suspicions.

“What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases. So we begin to wonder – are some of them U.S. government interceptors? Or are some of them Chinese interceptors?” says Goldsmith. “Whose interceptor is it? Who are they, that's listening to calls around military bases? Is it just the U.S. military, or are they foreign governments doing it? The point is: we don't really know whose they are.”

Ciphering Disabled Les Goldsmith

Interceptors vary widely in expense and sophistication – but in a nutshell, they are radio-equipped computers with software that can use arcane cellular network protocols and defeat the onboard encryption. Whether your phone uses Android or iOS, it also has a second operating system that runs on a part of the phone called a baseband processor. The baseband processor functions as a communications middleman between the phone’s main O.S. and the cell towers. And because chip manufacturers jealously guard details about the baseband O.S., it has been too challenging a target for garden-variety hackers.

“The baseband processor is one of the more difficult things to get into or even communicate with,” says Mathew Rowley, a senior security consultant at Matasano Security. “[That’s] because my computer doesn't speak 4G or GSM, and also all those protocols are encrypted. You have to buy special hardware to get in the air and pull down the waves and try to figure out what they mean. It's just pretty unrealistic for the general community.”

But for governments or other entities able to afford a price tag of “less than $100,000,” says Goldsmith, high-quality interceptors are quite realistic. Some interceptors are limited, only able to passively listen to either outgoing or incoming calls. But full-featured

Interesting. The immediate question in my mind is can our regular phones be made to detect these interceptor towers and how is he doing so? How does he know that these are not micro-cells that have been added to increase capacity (not that it might be possible to tell the difference).

The problem is that the typical smartphone is designed to protect the baseband OS from the front-end OS, and not the other way around. If that baseband OS has full access to memory/IO and it is subverted, then you're talking about a rootkit detection problem from inside the rootkitted OS, and that is always tricky to do. The major vendors don't even try.

The solution security vendors like Blackphone and such pursue is to contain the baseband OS. For FCC reasons they probably still have to protect it from

The price has dropped to city, state and federal budget level for some of the tower-like products.
The problem is more people now understand just how their low cost cell phone works as a GPS beacon, text, photo, calls list and voice, voice print collector.
The costs for voice systems like this in Ireland, South America were mil only historically. Now any regional, city, gov with funding can have a go at years of "warrantless surveillance".
The only issue is the upgrade to next gen costs and keeping detail

What if you have to talk to a normal person, and they don't have a clue about encryption? Encryption requires technical knowledge at both ends of the phone call. Even if you use encryption, "they" can still see who you are calling and how long you talk.

The kids today need to learn the lessons we did when the operator could very obviously listen in to every call and would sometimes even break in and say something. The technology has changed but the capability is not just still there, it's easier. Never say anything on a phone that you would hate to see in a newspaper (or on a blog) - that most definitely includes credit card numbers.

If you read the article, the interceptors hack into the baseband processor (that's not the phone OS-- it's the system that controls the radio system in the phone), and switch the connection "from 4G down to 2G, a much older protocol that is easier to de-crypt in real-time. But the standard smart phones didn’t even show they’d experienced the same attack."

So you may think you're using encryption, and stop whining. But although your phone says you are encrypted, you have been switched to a break
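Added example, not part of any post in this thread and not code from the article or any vendor: the known-tower database check suggested earlier in the discussion, combined with the two signals quoted from the article (a sudden drop to 2G and ciphering being switched off). The record fields, the cell database and the sample log are constructed, and the `ciphered` flag assumes a handset that exposes its ciphering state, which ordinary phones generally do not.

```python
from dataclasses import dataclass

# Radio generations; a drop to 2G is the downgrade described in the thread.
RAT_GENERATION = {"GSM": 2, "UMTS": 3, "LTE": 4}


@dataclass(frozen=True)
class CellObservation:
    ts: int         # seconds since the capture started
    mcc: int        # mobile country code
    mnc: int        # mobile network code
    lac: int        # location / tracking area code
    cid: int        # cell id
    rat: str        # key of RAT_GENERATION
    ciphered: bool  # assumption: the handset exposes the ciphering state

    @property
    def cell(self):
        return (self.mcc, self.mnc, self.lac, self.cid)


def assess(observations, known_cells, downgrade_window=60):
    """Return (ts, cell, reasons, severity) for each suspicious observation.

    A cell missing from the database may simply be new or a small cell added
    for capacity, so one signal alone is only worth a "review"; two or more
    signals on the same observation raise an "alert".
    """
    findings = []
    prev = None
    for obs in sorted(observations, key=lambda o: o.ts):
        reasons = []
        if obs.cell not in known_cells:
            reasons.append("unknown-cell")
        # Only a drop to 2G shortly after a 3G/4G attachment counts; a slow
        # drift onto 2G in poor coverage falls outside the window.
        if (prev is not None
                and obs.ts - prev.ts <= downgrade_window
                and RAT_GENERATION[obs.rat] == 2
                and RAT_GENERATION[prev.rat] > 2):
            reasons.append("downgrade-to-2g")
        if not obs.ciphered:
            reasons.append("ciphering-off")
        if reasons:
            severity = "alert" if len(reasons) >= 2 else "review"
            findings.append((obs.ts, obs.cell, tuple(reasons), severity))
        prev = obs
    return findings


# Constructed sample data on the 001/01 test network; these are not real towers.
KNOWN_CELLS = {
    (1, 1, 5012, 20481),
    (1, 1, 5012, 20482),
    (1, 1, 5013, 31007),
}

SAMPLE_LOG = [
    CellObservation(0, 1, 1, 5012, 20481, "LTE", True),
    CellObservation(30, 1, 1, 5012, 20482, "LTE", True),
    CellObservation(45, 1, 1, 9999, 1, "GSM", False),      # unknown, 2G, no ciphering
    CellObservation(300, 1, 1, 5012, 20482, "LTE", True),
    CellObservation(900, 1, 1, 5014, 40000, "LTE", True),  # unknown but otherwise normal
    CellObservation(2000, 1, 1, 5013, 31007, "GSM", True), # known 2G cell, slow fallback
]

if __name__ == "__main__":
    for finding in assess(SAMPLE_LOG, KNOWN_CELLS):
        print(finding)
```
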

Ideally you would be using encryption on top of this to which only you and the party at the other end had the keys. This would mean not using the phone features of the phone.

I'm not sure it's possible but ideally you could also block any non-encrypted and targeted connections from the phone also to prevent leakage of private data. This would pretty much disable it as a general internet access device though.

The other question is then what were telco teams and gov teams doing when they scan for allocated spectrum issues? Own tower, competitor networks, new interfering hardware to be located and that local 'fake' mobile tower should kind of show up on normal regional cell maintenance work. What do telco staff do? Just let the 'fake' mobile devices work alongside their own expensive networks 24/7 over years? That's their brand's network that's been used by some fake device...
Are new staff instructed only to w